Stats
Actions
Tags
From claudio
Guides STRIDE threat modeling for security analysis, vulnerability assessments, and architecture evaluations with process phases, templates, and Mermaid diagrams.
How this skill is triggered — by the user, by Claude, or both
Slash command
/claudio:security-strideThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Guide for comprehensive security analysis using the STRIDE threat modeling framework, vulnerability assessment, and security architecture evaluation.
Guide for comprehensive security analysis using the STRIDE threat modeling framework, vulnerability assessment, and security architecture evaluation.
Activate when:
STRIDE categorizes security threats into six categories:
Identity theft/impersonation threats
Data modification threats
Deniability threats
Data exposure threats
Availability threats
Authorization bypass threats
## Threat: [STRIDE Category] - [Threat Name]
### Description
[Detailed threat description]
### Attack Vector
[How the attack could be executed]
### Affected Components
- [Component 1]
- [Component 2]
### Risk Assessment
- **Likelihood**: High/Medium/Low
- **Impact**: High/Medium/Low
- **Risk Score**: [Likelihood × Impact]
### Mitigation
- [Mitigation step 1]
- [Mitigation step 2]
### Verification
- [How to verify mitigation is effective]
graph LR
A[User] -->|HTTPS| B[Load Balancer]
B -->|Internal| C[App Server]
C -->|Query| D[(Database)]
C -->|API| E[External Service]
style B fill:#f9f,stroke:#333
style D fill:#bbf,stroke:#333
graph TB
subgraph "Untrusted Zone"
A[Internet Users]
end
subgraph "DMZ"
B[Web Server]
end
subgraph "Trusted Zone"
C[App Server]
D[(Database)]
end
A --> B
B --> C
C --> D
# Security Assessment Report
## Executive Summary
- **Overall Risk Level**: [Critical/High/Medium/Low]
- **Critical Issues**: [Count]
- **High Issues**: [Count]
- **Recommendations**: [Top 3 actions]
## Threat Model Analysis
### STRIDE Coverage
- Spoofing: [Finding count]
- Tampering: [Finding count]
- Repudiation: [Finding count]
- Information Disclosure: [Finding count]
- Denial of Service: [Finding count]
- Elevation of Privilege: [Finding count]
## Architecture Diagram
[Mermaid diagram with trust boundaries]
## Findings
### Critical
1. [Finding with STRIDE category]
### High Priority
1. [Finding with STRIDE category]
## Remediation Roadmap
### Immediate (0-7 days)
- [Action items]
### Short-term (1-4 weeks)
- [Action items]
### Long-term (1-3 months)
- [Action items]
npx claudepluginhub vinnie357/claude-skills --plugin claudioApplies STRIDE methodology to model threats: identifies components, generates Mermaid DFDs, categorizes threats, scores risks by probability/impact, proposes mitigations.
Systematically identify and document threats using the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege). Use when designing systems, reviewing architectures, conducting security design reviews, or updating threat models.
Applies STRIDE threat modeling to system data flow diagrams to enumerate threats, assess risk, and produce prioritized mitigations. Use during system design, architecture review, or before security audits.